No projects submitted to Fortify Open Source Review, as Fortify is updating the application. We have talked extensively with Fortify and OWASP about the changes and how they match our workflow.

2. To what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage.

The current status of tasks planned for the end of June is:

Team finalized (100%)

Projects selected (100%)

Preliminary workflow (100%)

Projects submitted (0%)

Since the Fortify open source review is not currently accepting projects, we have not been able to submit any projects. However, we are currently analyzing the following tools using Fortify's commercial source code analyzer (SCA) tool.

MediaWiki

SquirrelMail

WordPress

The updated version of Fortify's web site will allow us to upload the FPR files generated by this tool to create projects immediately, instead of waiting a week. The following tasks remain to be done:

Revise workflow based on reviews.

Submit initial project to Fortify site once its online for testing.

Submit 3 projects as continuously analyzed projects on Fortify site.

Select additional OWASP and non-OWASP projects to analyze.

3. What kind of help is required either from the Reviewers or from the OWASP Community?